System for user authentication

ABSTRACT

A computer-implemented method of authenticating the identity of a user is provided, where the user is associated with a computer signature and is in possession of a cell phone. The method involves obtaining a current geographical location of the cell phone, determining if the computer signature is associated in a database with a stored geographical location of the phone, and, if the computer signature is associated in the database with a stored geographical location, comparing the stored geographical location to the current geographical location of the phone.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.17/149,776, filed Jan. 15, 2021, now U.S. Pat. No. 11,354,667, which isa continuation-in-part of U.S. patent application Ser. No. 16/724,361,filed Dec. 22, 2019, which is a continuation-in-part of U.S. patentapplication Ser. No. 15/787,805, filed Oct. 19, 2017, now U.S. Pat. No.10,521,786, which is a continuation-in-part of U.S. patent applicationSer. No. 15/606,270, filed May 26, 2017, now U.S. Pat. No. 10,289,833,which is a continuation-in-part of U.S. patent application Ser. No.15/134,545, filed Apr. 21, 2016, now U.S. Pat. No. 9,727,867, which is acontinuation-in-part of U.S. patent application Ser. No. 14/835,707,filed Aug. 25, 2015, now U.S. Pat. No. 9,391,985, which is acontinuation-in-part of U.S. patent application Ser. No. 14/479,266,filed Sep. 5, 2014, which is a continuation-in-part of U.S. patentapplication Ser. No. 14/145,862, filed Dec. 31, 2013, now U.S. Pat. No.9,033,225, which is a continuation-in-part of U.S. patent applicationSer. No. 13/479,235, filed May 23, 2012, now U.S. Pat. No. 8,770,477,which is a continuation-in-part of U.S. application Ser. No. 13/065,691,filed Mar. 28, 2011, now U.S. Pat. No. 8,640,197, which is acontinuation-in-part of U.S. patent application Ser. No. 12/600,808,filed on Nov. 18, 2009, now U.S. Pat. No. 8,370,909, which is the 371national stage in the U.S. of international patent application No.PCT/US2007/012552, filed May 29, 2007.

Priority is claimed to all of the above-identified applications, all ofwhich are incorporated herein by reference in their entireties.

TECHNICAL FIELD

This invention relates to Internet user identification. Morespecifically it relates to using computer characteristics to identify aninternet user. Even more specifically it relates to usingcharacteristics of the user's computer and a cell phone location toidentify the user.

BACKGROUND

The invention relates to a method and system for authenticating Internetuser identity, and more particularly, to a method and system forauthenticating internet user identity by cross-referencing thegeographical location of a internet user's Communication voice device,such as a mobile voice device, a Voice over Internet Protocol(hereinafter VoIP) telephone or non-mobile telephone, and thegeographical location of the computer signature.

Computer signature can be set of one or more hardware devicesinformation, unlimited example the gateway Mac address, the computer Macaddress, CPU serial number and more. The computer signature can also beset of one or more software components. Unlimited example—the operatingsystem serial number, cookie, combination of few software's versionsetc., hereinafter (computer signature)

The use of the internet has become a common a popular arena for the saleof goods and services. Such sales require the transmission of personaland confidential data belonging to the buyer of such goods and services.Such information is often the target of identity theft. In response tothe increase in the opportunity for the commission of fraud throughidentity theft, sellers and providers of goods and services through theinternet require a method whereby such fraud can be reduced.

With respect to internet usage, upon accessing the internet, an internetuser's computer is identified with an IP address, it should beunderstood that Internet Protocol Address (hereinafter “IP Address”)means any internet communication protocol such as but not limited toIPV4 and IPV6. And whenever the internet user enters a website, theinternet user's IP address is identified to the website owner. Suchidentified IP addresses can be traceable geographically to its source soas to determine the location (state and city) of the internet user, insome cases the IP address can be traced to a radius of a few miles fromits source. The comparison of the geographical location of the internetuser computer signature, with the geographical location of the internetuser Communication voice device can provide the seller or provider ameans to authenticate the identity of the Internet user.

United States Pat. App. Pub. No. 2001/0034718 A1 to Shaked et al.discloses a method of controlling access to a service over a network,including the steps of automatically identifying a service user andacquiring user information, thereby to control access. Additionally, amethod of providing service over a network, in which the servicerequires identification of a user, including the steps of automaticallyidentifying the user and associating the user with user information,thus enabling the service, is disclosed.

U.S. Pat. No. 6,466,779 to Moles et al. discloses a security apparatusfor use in a wireless network including base stations communicating withmobile stations for preventing unprovisioned mobile stations fromaccessing an internet protocol (IP) data network via the wirelessnetwork.

United States Pat. App. Pub. No. 2002/0188712 A1 to Caslin et al.discloses a fraud monitoring system for a communications system. Thefraud monitoring system analyzes records of usage activity in the systemand applies fraud pattern detection algorithms to detect patternsindicative of fraud. The fraud monitoring system accommodates bothtransaction records resulting from control of a packet-switched networkand those from a circuit-switched network gateway.

United States Pat. App. Pub. No. 2003/0056096 A1 to Albert et al.discloses a method to securely authenticate user credentials. The methodincludes encrypting a user credential with a public key at an accessdevice. The public key is part of a public/private key pair suitable foruse with encryption algorithm. The decrypted user credential is thentransmitted from the decryption server to an authentication server forverification. The decryption server typically forms part of amulti-party service access environment including a plurality of accessproviders. This method can be used in legacy protocols, such asPoint-to-Point Protocol (PPP), Password Authentication Protocol (PAP),Challenge-Handshake Authentication Protocol (CHAP), RemoteAuthentication Dial in User Server (RADIUS) protocol, Terminal AccessController Access Control System (TACAS) protocol, Lightweight DirectoryAccess Protocol (LDAP), NT Domain authentication protocol, Unix passwordauthentication protocol, Hypertext Transfer Protocol (HTTP), HypertextTransfer Protocol over Secure sockets layer (HTTPS), ExtendedAuthentication Protocol (EAP), Transport Layer Security (TLS) protocol,Token Ring protocol, and/or Secure Remote Password protocol (SRP).

United States Patent Application Publication Number US 2003/0101134 A1published to Liu et al. on May 29, 2003 teaches a method for transactionapproval, including submitting a transaction approval request from atransaction site to a clearing agency; submitting a user authorizationrequest from the clearing-agency to a user device; receiving a responseto the user authorization request; and sending a response to thetransaction approval request from the clearing agency to the transactionsite. Another method for transaction approval includes: submitting atransaction approval request from a transaction site to a clearingagency; determining whether a trusted transaction is elected; submittinga user authorization request from the clearing agency to a user deviceif a trusted transaction is determined to be elected; receiving aresponse to the user authorization request from the user device if theuser authentication request was submitted; and sending a response to thetransaction approval request from the clearing agency to the transactionsite. A system for transaction approval includes a clearing agency forthe transaction approval wherein the clearing agency having a functionto request for user authorization, a network operatively coupled to theclearing agency, and a user device adapted to be operatively coupled tothe network for trusted transaction approval.

United States Patent Application Publication Number US 2003/0187800 A1published to Moore et al. on Oct. 2, 2003 teaches systems, methods, andprogram products for determining billable usage of a communicationssystem wherein services are provided via instant communications. In someembodiments, there is provided for authorizing the fulfillment ofservice requests based upon information pertaining to a billableaccount.

United States Patent Application Publication Number US 2004/0111640 A1published to Baum on Jun. 10, 2004 teaches methods and apparatus fordetermining, in a reliable manner, port, physical location, and/ordevice identifier, such as a MAC address, associated with a device usingan IP address and for using such information, e.g., to support one ormore security applications. Supported security applications includerestricting access to services based on the location of a device seekingaccess to a service, determining the location of stolen devices, andauthenticating the location of the source of a message or other IPsignal, e.g., to determine if a prisoner is contacting a monitoringservice from a predetermined location.

United States Patent Application Publication Number US 2005/0159173 A1published to Dowling on Jul. 21, 2005 teaches methods, apparatus, andbusiness techniques for use in mobile network communication systems. Amobile unit, such as a smart phone, is preferably equipped with awireless local area network connection and a wireless wide area networkconnection. The local area network connection is used to establish aposition-dependent, e-commerce network connection with a wirelessperipheral supplied by a vendor. The mobile unit is then temporarilyaugmented with the added peripheral services supplied by the negotiatedwireless peripheral. Systems and methods allow the mobile unit tocommunicate securely with a remote server, even when the negotiatedwireless peripheral is not fully trusted. Also included are mobileunits, wireless user peripherals, and negotiated wireless peripheralsprojecting a non-area constrained user interface image on a displaysurface.

United States Patent Application Publication Number US 2005/0160280 A1published to Caslin et al. on Jul. 21, 2005 teaches providing frauddetection in support of data communication services. A usage patternassociated with a particular account for remote access to a data networkis monitored. The usage pattern is compared with a reference patternspecified for the account. A fraud alert is selectively generated basedon the comparison.

United States Patent Application Publication Number US 2005/0180395 A1published to Moore et al. on Aug. 18, 2005 teaches an approach forsupporting a plurality of communication modes through universalidentification. A core identifier is generated for uniquely identifyinga user among a plurality of users within the communication system. Oneor more specific identifiers are derived based upon the core identifier.The specific identifiers serve as addressing information to therespective communication modes. The specific identifiers and the coreidentifier are designated as a suite of identifiers allocated to theuser.

While these systems may be suitable for the particular purpose employed,or for general use, they would not be as suitable for the purposes ofthe present invention as disclosed hereafter.

BRIEF DESCRIPTION OF THE INVENTION

It is an object of the invention to produce a means to decrease thepotential for fraud through authentication of the identity of aninternet user. Accordingly, this method provides for authenticating theidentity of the internet user or purchaser (hereinafter “internet user”)through cross-referencing and comparison of at least two independentsources of information, such as, but not limited to, the internet user'scomputer signature geographical location and the geographical locationof a Communication voice device associated with the internet user.

It is another object of the invention to provide a means for providingan accurate geographical location of the Internet user and the internetuser's computer signature.

It is another object of the invention to provide a convenient means fordetermining the location of internet users at both mobile and non-mobileCommunication voice devices and terminals. Accordingly, this methodincludes the utilization systems and software that are used to locatethe geographical location of people or Communication voice devices, suchas, but not limited to Global Positioning Systems (GPS), Galileo, WiMax,Wi-Fi, RFID and external positioning apparatus, such as, but not limitedto, cellular base stations and antennas.

It is another object of the invention to provide a convenient means fordetermining a more accurate geographical location of routers using theinternet user Communication voice device's geographical location and thethe user computer signature.

This invention is a method and system for authenticating an internetuser identity by cross-referencing and comparing at least twoindependent sources of information. A first computer signature of aninternet user is identified. The geographical address of acommunications device of the internet user is traced to determine asecond location. The first and second locations are compared forgeographical proximity to confirm the identity of the internet user.Additionally, depending on the geographical proximity of the first andsecond location, a positive or negative score may be assigned to theinternet user, and access to the website and the ability to conducttransactions may be allowed or limited based on the assigned score.Alternatively, additional authentication information may be required ofthe internet user in order to proceed with the online transaction, oraccess by the internet user may be terminated.

A computer signature is created by identifying certain characteristicsof the computer. These characteristics act as identifiers of thecomputer. Every computer that is connected to the Internet has fewunique identifiers such as but not limited to: Computer Network Macaddress, CPU serial number, Operating System S/N. and more. In additionto the above the computer uses other network resources that have uniqueidentifiers such as but not limited to a Gateway or Router Mac Address.In addition to the above every computer has common identifiers such asbut not limited to: Operating system version, Disk Size, Internetbrowser version, hardware installed on the computer, network card speed,Operating system patches installed on the computer, CPU speed, memorysize, cookie, secret cookie, virtual memory size, other installedsoftware on the computer and more. Using one or more then one commonidentifiers together it is possible to create one unique computersignature for any given computer.

To the accomplishment of the above and related objects the invention maybe embodied in the form illustrated in the accompanying drawings.Attention is called to the fact, however, that the drawings areillustrative only. Variations are contemplated as being part of theinvention, limited only by the scope of the claims.

BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings, like elements are depicted by like reference numerals.The drawings are briefly described as follows.

FIG. 1 is a flow chart of the method and system of the presentinvention.

BEST MODE FOR CARRYING OUT THE INVENTION

This invention relates to a method and system for authenticatingInternet user identity by cross-referencing or comparing at least twoindependent sources of information, identifying at least twogeographical locations. Based upon geographical proximity of thelocations, a score is assigned to the internet user, and predeterminedaccess to a website and an ability to conduct transactions is allowed orlimited based upon the score. Alternatively, additional authenticationinformation can be required or access can be terminated. The inventionis also a convenient means for determining a more accurate geographicallocation of routers.

FIG. 1 illustrates a method for authenticating internet user identity bycross-referencing and comparing at least two independent sources ofinformation. In step 1, an internet user starts authentication. Then, instep 2, the online entity locates the geographic location of theInternet user's cell phone and checks the user's computer signature. Instep 3, the online entity looks for the computer signature in adatabase. If the computer signature is discovered, the method proceedsto step 4. In step 4, the online entity compares the distance betweenthe geographic location of the computer defined by the computersignature and the geographic location of the user's cell phone. If thedistance is acceptable, the authentication process continues at step 8.If the distance is not acceptable, the method goes to step 5.

If the computer signature is not in the database, the method alsocontinues to step 5. In step 5, the online entity attempts toauthenticate the computer by other means. In step 6, the authenticationis confirmed. If the authentication is acceptable, the method continuesto step 7. If the authentication is not acceptable, the method returnsto step 5 and repeats step 5.

If the authentication is acceptable, continues to step 7 assigning thegeographic location of the user's cell phone to the computer signatureand saving it in the database. The method then continues with theauthentication in step 8.

Referring to FIG. 1 , the method starts when the online entity decidesto authenticate the internet user accessing a website and providesinformation, as in steps 1 and 2. The website vendor then decides toauthenticate internet user identity, based on the information providedby the internet user, as shown in step 3. What information will triggerthe decision to authenticate the identity of the internet user will varyamong vendors employing the method described herein. For purposes ofclarity, the term vendor will be used hereafter and it should beunderstood that vendor means any business, organization or commercialentity which conducts on-line commercial transactions through a websiteon the internet, such as, but not limited to, banking institutions,on-line stores or other commercial or none commercial entities.

Upon accessing a website, in step 2, the computer signature will beidentified. The invention is not limited to a conventional computer, butmay include terminals, smart phones (PDA's) or other devices capable ofcommunicating with the internet. Whenever the internet user enters awebsite, the internet user's computer signature is identified for awebsite owner.

A computer signature is created by identifying certain characteristicsof the computer. These characteristics act as identifiers of thecomputer. Every computer that connected to the Internet has few uniqueidentifiers. Using one, or more then one, common identifiers together itis possible to create one unique computer signature. These identifiersare selected from the list of Computer Network Mac address, CPU serialnumber, Operating System S/N. and more. In addition to the above thecomputer uses other network resources that have unique identifiers suchas but not limited to a Gateway or Router Mac Address. In addition tothe above every computer has common identifiers such as but not limitedto: Operating system version, Disk Size, Internet browser version,hardware installed on the computer, network card speed, Operating systempatches installed on the computer, CPU speed, memory size, virtualmemory size, other installed software on the computer and more. A personskilled in the art will see that other computer characteristics could beused as identifiers to create a computer signature.

The vendor will then request from the internet user a contact number fora communications voice device, which is accessible to the internet userat the internet user's current location. Communication voice device, asused in the context of the present invention, applies to any voicedevice capable of communicating with another voice device such as, butnot limited to, phone, mobile voice device, VoIP telephone or personaldigital assistant (hereinafter PDA). Other non-limiting examples includeany device that has been modified or designed for voice or textcommunication. A geographical location for the communication voicedevice is then traced, as stated in step 2.

It should be understood that the term “mobile voice device”, as used inthe context of the present invention, applies to any mobile devicemodified or designed for voice or text communication and capable ofcommunicating with another device via wireless network such as but notlimited to cellular system, radio system, Wi-Fi, WiMax, RFID, Bluetooth(short wavelength radio transmissions), MIMO, UWB (Ultra Wide Band),satellite system or any other such wireless networks known now or in thefuture.

Other non-limiting examples include any device that has been modified ordesigned to communicate with a web-ready PDA, a Blackberry, a laptopcomputer with cellular connect capability, or a notification server,such as email server:

The geographical location of a telephone can be traced using any one ofexisting databases. As a non-mobile telephone is attached to a singlephysical location, the location is available using various existingdatabases. A Voice over Internet Protocol (hereinafter VoIP) telephoneis connected to high-speed internet access such as T1, DSL, cablemodems, or other available internet connection systems. A VoIP locationis available using various databases. A VoIP connection provider companycan provide the IP address to which such VoIP telephone is connectedsuch that the geographical location of the internet user is traceable tothe IP address.

The geographical location of a mobile voice device can be traced usingtechnology such as, but not limited to, Galileo, GPS, cellular antennanetwork, phone antenna, Wi-Fi, Bluetooth (short wavelength radiotransmissions), MIMO, UWB, WiMax, etc.

A cellular telephone location system for automatically recording thelocation of one or more mobile cellular telephones is described, forexample, in U.S. Pat. No. 5,327,144. The system comprises a central sitesystem operatively coupled to at least three cell sites. Each of thecell sites receives cellular telephone signals and integrates a timingsignal common to all the cell sites. The central site calculatesdifferences in times of arrival of the cellular telephone signalsarriving among the cell sites and thereby calculates the position of thecellular telephone producing the cellular telephone signals. Additionalexamples of known methods for locating phones are cell sector and cellsite.

The position of an internet user's mobile voice device can be determinedby, for example: (a) an internal positioning apparatus such as a GlobalPositioning System (hereinafter GPS) receiver built into the mobilevoice device that receives GPS radio signals transmitted from GPSsatellites; and (b) an external positioning apparatus such as a cellularpositioning system that computes the position of the mobile voice deviceby observing time differences among the arrivals of a radio signaltransmitted by the mobile voice device at a plurality of observationpoints, i.e., base stations. The operation of the GPS is well-known andwill not be described further herein.

Next, the geographical location of the IP address of the internet useris traced, as stated in step 2. Such an IP address can be tracedgeographically to its source so as to determine the location (state andcity) of the internet user. In some cases the system used to trace theIP address can be so accurate that it can identify a street and housenumber of the internet user.

Another means for obtaining the geographical location of the internetuser's computer signature, the internet user's ISP can be contacted torequest a full address from where the internet user is connected. Forexample, a modem dial-up internet user is assigned a unique computersignature by their ISP. After the internet user enters a username andpassword the ISP knows from which phone number that internet user calledand can trace a contacting number to a geographical location.

The present invention includes a method of locating a router'sgeographical location based on the computer signature geographicallocation. In addition, the invention includes a method of geographicallycomparing the user communication voice device and the computersignature. All of the methods may utilize a communication voice devicethat is either non-mobile telephone, a mobile telephone or a mobilevoice device.

Since the following is known:

-   -   1. The geographical location of the user's computer signature.    -   2. The routing table between the vendor internet web site and        the internet user.    -   Then, the vendor can locate the geographical location of the        closest public router to the internet user computer signature.        Since the first public router that the internet user is using is        close geographically to the internet user computer signature.

It is to be understood that the present invention is not limited to theembodiments described above, but encompasses any and all embodimentsunder the doctrine of equivalents.

In conclusion, herein is presented a method and system forauthenticating internet user identity. The invention is illustrated byexample in the drawing figures, and throughout the written description.It should be understood that numerous variations are possible, whileadhering to the inventive concept. Such variations are contemplated asbeing a part of the present invention.

INDUSTRIAL APPLICABILITY

This invention can be used for any purpose that is related to internetsecurity, internet commerce and internet user identification. Theinvention is specifically envisioned as an improvement over existinglog-in methods and purchases identification methods, but a personskilled in the art will recognize other applications.

I claim:
 1. A computer system configured to authenticate the identity ofa user in possession of a cell phone, who is attempting to access awebsite or conduct a transaction, the computer system being configuredto perform the following steps: a) receiving a computer signatureassociated with the user; b) receiving the geographical location of thecell phone; c) determining if the computer signature is in a database;d) if the computer signature is in the database, determining if thereceived geographical location of the cell phone is within an acceptabledistance from a saved geographical location of the cell phone, the savedgeographical location having been saved in the database in associationwith the computer signature after successful authentication of the user;e) if the computer signature is not in the database, then requiringadditional authentication information of the user; f) if the additionalauthentication information is acceptable, then saving the computersignature in the database, in association with the received cell phonegeographical location; and g) if the saved cell phone geographicallocation and the received cell phone geographical location are withinthe acceptable distance, then taking at least one of the followingactions: (i) allowing the user access to the website; (ii) allowing theuser to conduct the transaction; and (iii) assigning a positive score tothe user; wherein the geographical location of the cell phone and thesaved geographical location of the cell phone are identified by one ormore of the following: GPS, Wi-Fi, Galileo, cellular antenna network,phone antenna, Bluetooth, MIMO, UWB, and WiMax.
 2. The computer systemof claim 1, further configured to carry out the following action: if thesaved geographical location and the received cell phone geographicallocation are not within the acceptable distance, then requiringadditional authentication information of the user.
 3. The computersystem of claim 2, further configured to carry out the following action:if the additional authentication information is acceptable, saving thecomputer signature in the database, in association with the cell phonegeographical location.
 4. The computer system of claim 3, wherein thecomputer signature is a computer signature of the cell phone, andwherein said user is an Internet user.
 5. The computer system of claim4, wherein the computer signature comprises at least one of: operatingsystem version, cookie, and browser version.
 6. The computer system ofclaim 5, wherein the computer signature comprises a router MAC Address.7. The computer system of claim 2, further configured to carry out thefollowing actions: if the additional authentication information isacceptable, saving the computer signature in the database, inassociation with the cell phone geographical location; and taking atleast one of the following actions: (i) allowing the user access to thewebsite; (ii) allowing the user to conduct the transaction; and (iii)assigning a positive score to the user; wherein the computer signaturecomprises at least one software identifier.
 8. The computer system ofclaim 3, wherein the computer signature comprises an identifier of adevice other than the cell phone, and wherein said user is an Internetuser.
 9. The computer system of claim 8, wherein the device other thanthe cell phone is a computer, and wherein the computer is used by theuser in the attempt to access the web site or conduct the transaction.10. The computer system of claim 9, wherein the computer signature ofthe computer comprises of at least one of: operating system version,cookie, and browser version.
 11. The computer system of claim 10,wherein the computer signature comprises of a Mac Address of a router,wherein the router is used by the computer to access the Internet. 12.The computer system of claim 1, wherein the computer signature is anidentifier of the cell phone, and wherein said user is an Internet user.13. The computer system of claim 12, wherein the computer signaturecomprises of at least one of: operating system version, cookie, andbrowser version.
 14. The computer system of claim 13, wherein thecomputer signature comprises of a router MAC Address.
 15. The computersystem of claim 12, wherein the computer signature comprises of at leastone of hardware identifier.
 16. The computer system of claim 1, whereinthe computer signature comprises an identifier of a device other thanthe cell phone, and wherein said user is an Internet user.
 17. Thecomputer system of claim 16, wherein the device other than the cellphone is a computer, and wherein the computer is used by the user in theattempt to access the web site or conduct the transaction.
 18. Thecomputer system of claim 17, wherein the computer signature comprises atleast one of: operating system version, cookie, and browser version. 19.The computer system of claim 18, wherein the computer signaturecomprises a router MAC Address, and wherein the router is used by thecomputer to access the Internet.
 20. The computer system of claim 19,wherein the geographical location of the cell phone and the savedgeographical location of the cell phone are identified by at least oneof: GPS or Wi-Fi.